
Issue 789046

Starred by 2 users

Issue metadata

Status: Duplicate
Merged: issue 766092
Owner: ----
Closed: Nov 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security




Full list of managed passwords can be imported by the next person to sign into Chrome

Reported by hanumans...@gmail.com, Nov 28 2017

Issue description

After signing out from Chrome, the next person to sign in gets offered the option to import all settings, bookmarks and passwords. This can all be done without any authentication or verification or any security step. All it does is ask if the last account to use Chrome was also you. Anyone can say yes, and it will merge the previous user's saved passwords right in. This is a huge risk and breach. Upon signing out of Chrome, most would expect that a following user would have no way of accessing their saved passwords. There wasn't even a security alert email sent to let the prior user know that his full list of passwords has been breached.
 
Sorry, I forgot to mention the machine details:
Chrome Version 62.0.3202.94 (Official Build) (64-bit)
Fully updated Windows 10 Home: 10.0.15063 build 15063
Asus laptop. Intel Core i7-3630QM

I noticed the issue while accessing a Shaw home Wi-Fi network
Mergedinto: 766092
Status: Duplicate (was: Unconfirmed)
In Chrome 61 and later (if not earlier), signing out shows a prompt which offers the option to remove locally-stored sync data.
[Attachment: SignoutPrompt.png]
Components: Services>Sync
Project Member

Comment 4 by sheriffbot@chromium.org, Mar 7 2018

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
